.NET Azure Key Vault SecretClient

sakuraime 2,316 Reputation points
2021-10-25T04:23:47.547+00:00

If I am going to use an Azure user-assigned app to authenticate to the Azure SQL database, and the secret of the app is put in Key Vault, the library in the following

public SecretClient (Uri vaultUri, Azure.Core.TokenCredential credential);

builds a connection to Key Vault before it can retrieve the secret from the Key Vault.

What do I actually need to input for the above 'TokenCredential'?

So I will need another Azure user-assigned app to access the Key Vault?


1 answer

  1. KalyanChanumolu-MSFT 8,316 Reputation points
    2021-10-25T10:49:11.207+00:00

    @sakuraime You should use DefaultAzureCredential().

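    using System;
    using Azure.Identity;
    using Azure.Security.KeyVault.Secrets;

    string keyVaultUri = "<your_keyvault_uri>";
    string secretName = "<your_secret_name>";

    // SecretClient expects a Uri, so convert the string first.
    var client = new SecretClient(vaultUri: new Uri(keyVaultUri), credential: new DefaultAzureCredential());

    // The secret string itself is available as secret.Value.Value.
    var secret = await client.GetSecretAsync(secretName);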
    

    While running the code on your local development machine, it picks the credentials of the user logged into Visual Studio and when deployed to Azure, it picks the credentials of the managed identity.

    More on that topic is here

    The user running the app and the managed identity will need Key Vault Reader role on Azure KeyVault.

    Please let us know if you have any further questions.

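For the user-assigned identity the question asks about, the sketch below is an added example (not code from the thread or from Microsoft's documentation) that tells `DefaultAzureCredential` which user-assigned managed identity to use and separates "no credential found" from "authenticated but not permitted on the vault". The class name, method name and parameters are hypothetical; the caller supplies the vault URI, secret name and the identity's client ID.

```csharp
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Hypothetical helper, added for illustration.
public static class KeyVaultSecretReader
{
    public static async Task<string> ReadSecretAsync(
        Uri vaultUri, string secretName, string userAssignedClientId)
    {
        var options = new DefaultAzureCredentialOptions
        {
            // Client ID of the user-assigned managed identity attached to the host.
            // Leave null to fall back to the system-assigned identity.
            ManagedIdentityClientId = userAssignedClientId
        };

        var client = new SecretClient(vaultUri, new DefaultAzureCredential(options));

        try
        {
            // Response<KeyVaultSecret> converts implicitly to KeyVaultSecret.
            KeyVaultSecret secret = await client.GetSecretAsync(secretName);
            return secret.Value; // never write this value to logs
        }
        catch (CredentialUnavailableException ex)
        {
            // No credential in the chain could be used: not signed in locally,
            // or no managed identity is attached to the Azure resource.
            throw new InvalidOperationException(
                "No usable Azure credential was found for Key Vault access.", ex);
        }
        catch (AuthenticationFailedException ex)
        {
            // A credential was found but token acquisition failed
            // (for example, a client ID that is not assigned to this host).
            throw new InvalidOperationException(
                "Azure authentication failed while acquiring a Key Vault token.", ex);
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // The identity authenticated, but the vault denied the secret read.
            throw new UnauthorizedAccessException(
                $"The identity is not permitted to read '{secretName}' from {vaultUri}.", ex);
        }
    }
}
```

No client secret is stored anywhere in this flow: the managed identity obtains its token from the Azure host, so a second app registration is not required just to reach the vault.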